E-mail Based Threat Explosion Identified In Advanced Threat Report

FireEye's advanced threat report for the first half of 2012 highlights an increase in the danger of e-mail based attacks targetted at businesses

FireEye has release its 1H 2012 Advanced Threat Report. According to the FireEye report, the first six months of 2012 saw continued increases of malicious infection activity and an intensified danger of email-based attacks as cybercriminals increasingly employed throw-away domains to infiltrate enterprise networks.

The Advanced Threat Report is based on data from the FireEye Malware Protection Cloud, a service powered by thousands of FireEye appliances, as well as direct malware intelligence uncovered by its research team. The report provides a global view into cyber attacks that routinely bypass traditional defences, including firewalls, next-generation firewalls, intrusion prevention systems (IPS), gateways, and anti-virus (AV). Research from FireEye shows that over 95 percent of companies are compromised by advanced malware and most are not aware of the attack.

Key findings in the Advanced Threat Report include:

* Explosive growth of advanced malware infections – According to the report, advanced malware that evades signature-based detection increased nearly 400 percent since 2011, to an average of 643 successful infections per week per company

* Intensified danger of email-based attacks – FireEye researchers saw 56 percent growth in email-based attacks in 2Q 2012 versus 1Q 2012. Additionally, malicious links were more widely used than malicious attachments in the last two months of the second quarter of 2012

* Increased use of dynamic, throw-away domains – FireEye saw a significant increase in dynamic links that were used five times or less. Originating from large-volume email-based attacks, links that were seen just once grew from 38 percent in the second half of 2011 to 46 percent in the first half of 2012

* Patterns of attack vary substantially by industry – Patterns of attack were radically different between the financial services, energy/utilities, healthcare, and technology industries. But one constant remains – industries with significant intellectual property or customer and financial data remain the primary targets as attacks increase

“The results of this report make it even more clear that reactive signature-based defences cannot prevent evasive strains of malware from making their way into the enterprise,” said Ashar Aziz, FireEye founder and CEO. “Attackers continue to remain a step ahead of traditional defences, so organisations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats (APTs).”

As cybercriminals develop and invest in advanced malware, enterprises must reinforce their traditional defences with a new layer of dynamic security that is able to detect unknown threats in real-time, thwarting malware communications back to command and control servers and blocking data exfiltration. This extra layer of defence needs to be designed specifically to fight the unknown and zero-day tactics common in targeted attacks and APTs.